Cybersecurity has kept the virtual world from imploding into chaos since computers (particularly personal computers) were plugged into the worldwide web. Today, the environment is such that most of the devices and gadgets used are “smart” machines connected to the cloud through the internet – and therefore making them open to cyber attacks. These devices include computers, smartphones, refrigerators, vacuum cleaners and the vehicles in our garage.
“Vehicles are becoming more and more connected. They are basically computers on wheels, and we have tens of millions of these vehicles on the road now,” said Monique Lance, the managing director at Argus, an Israeli automotive cybersecurity company. “Juniper Research suggests that the statistic will be much higher – around 775 million smart vehicles on the road by 2023,” Lance added.
“Imagine all that connectivity falling into the hands of cyber attackers. This is why we need cyber security in vehicles, because they are very quickly becoming an attractive target for criminals. It is critical for us to ensure that the automotive industry is well-prepared in this context,” she continued.
Shielding vehicles from cyber attacks is a greater concern than the security of everyday desk devices like smartphones and laptops – as unlike the latter, vehicles can wreck lives on the roads if they go rogue. In addition to that, vehicles can last far longer than home and digital appliances, making their safety pivotal in the cybersecurity landscape. As technology evolves rapidly, the world will have to contend with cyber attacks that come cloaked in different shapes and sizes, and continually update automotive cybersecurity software – even if the vehicle is old and in bad shape
Cybercriminals might have several different motivations to target a vehicle. Lance mentioned that the automotive sector should look into the type of attacks that the IT industry has faced over the years in order to pre-emptively identify and stop attacks.
“What we understand from attacks on companies and organizations through their IT networks is that the motivation for a cyber attack is usually driven by money. It is very common for cyber attackers targeting a company to ask for ransom. I believe that automotive cyber attacks will also attract such ransom demands,” said Lance. “Imagine a fleet of trucks being held ransom for just a day. The risks involved and the inability of the company to make deliveries on time would be a great incentive for it to pay a high ransom.”
Lance also mentioned that pranksters may be a problem as well, with them looking to scare drivers by turning on the radio or the cab lights. However, the line separating a prank and cybercrime is thin, as eventually, their goal is to manipulate a vehicle – with potentially far-reaching consequences that lead to drivers compromising their driving capability and causing harm.
And when civil liability comes into the picture, Lance is quick to add that the original equipment manufacturers and Tier 1 automotive suppliers need to integrate cyber security throughout their design, development and production processes, while also assisting over the vehicle’s lifespan.
“Of course, there is no guarantee that the vehicle will be 100 percent safe during an attack, even with security measures in place. This is why we at Argus offer our customers multiple layers of security. So if an attack passes through one layer, it will be identified and prevented in the next layer,” said Lance.
Layered security means implementing cybersecurity precautions at every specific stage. Vehicles will have to be continually monitored while they are on the road, and will need to be updated as and when the cyber landscape changes. Lance concluded by recommending a holistic approach to prevent attacks – “There is no silver bullet to the problem. It would help if you had response measures in place and work around with multiple security layers. You also have to make sure that you can understand attacks when they happen, and to respond readily if need be,” she said.